Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update golang.org/x/net #9485

Merged
merged 1 commit into from
Apr 19, 2024
Merged

update golang.org/x/net #9485

merged 1 commit into from
Apr 19, 2024

Conversation

sparky005
Copy link
Contributor

@sparky005 sparky005 commented Apr 15, 2024
edited

updates the update golang.org/x/net package. there are some reported vulnerabilities in this package and it's getting flagged by our internal security team.

Updated the packages as follows:

cd src/runtime/virtcontainers/pkg/cloud-hypervisor/client
go get -u golang.org/x/net
go mod tidy
go mod vendor

Fixes #9486

@katacontainersbot katacontainersbot added the size/tiny Smallest and simplest task label Apr 15, 2024
@sparky005 sparky005 mentioned this pull request Apr 15, 2024
Closed
@stevenhorsman
Copy link
Member

stevenhorsman commented Apr 18, 2024
edited

Hi @sparky005 - Thanks for the PR - it looks like there are a couple of failures here:

  • The runtime static checks are failing as the runtime go modules need tidying:
Run cd src/runtime
go mod tidy
go: downloading golang.org/x/sys v0.19.0
go: downloading golang.org/x/net v0.24.0
go mod vendor
go mod verify
  • You commit message header doesn't have a subsystem, so you could add runtime: to the start of it to help it pass.

Thanks!

@sparky005
runtime: update golang.org/x/net
1c5ca0c 
updates golang.org/x/net to newer version that closes some reported
vulnerabilities and security issues

Fixes kata-containers#9486

Signed-off-by: Adil Sadik <sparky.005@gmail.com>
@sparky005
Copy link
Contributor Author

Thanks so much @stevenhorsman! Looks like I forgot to include some files in my original commit 😅. I've added them now but it looks like I'm still getting a failure, which looks like it may have been a kubelet issue? Not sure if that's related to my change or not.

@stevenhorsman
Copy link
Member

Thanks so much @stevenhorsman! Looks like I forgot to include some files in my original commit 😅. I've added them now but it looks like I'm still getting a failure, which looks like it may have been a kubelet issue? Not sure if that's related to my change or not.

Probably not - our integration test are not super stable. Let me do a bit of babysitting on it and see if I can get enough passing

@stevenhorsman
Copy link
Member

/test

@lifupan
Copy link
Member

lifupan commented Apr 19, 2024

Thanks @sparky005, it's seemed some cases still failed, let me retest them.

lifupan
lifupan approved these changes Apr 19, 2024
View reviewed changes
Copy link
Member

@lifupan lifupan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

stevenhorsman
stevenhorsman approved these changes Apr 19, 2024
View reviewed changes
Copy link
Member

@stevenhorsman stevenhorsman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks @sparky005!

@stevenhorsman stevenhorsman merged commit 7e12d58 into kata-containers:main Apr 19, 2024
300 of 304 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lifupan lifupan lifupan approved these changes

@stevenhorsman stevenhorsman stevenhorsman approved these changes

Assignees
No one assigned
Labels
ok-to-test size/tiny Smallest and simplest task
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

golang.org/x/net has some vulnerabilities and needs to be updated
4 participants
@sparky005 @stevenhorsman @lifupan @katacontainersbot